CVE-2025-15255

CWE-119Buffer OverflowCWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
8.9HIGH
EPSS
0.3%
top 48.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda W6-sTenda W6-s Firmware
Timeline
PublishedDec 30

Description

A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/w6-s1.0.0.4(510)
NVDtenda/w6-s_firmware1.0.0.4\(510\)

🔴Vulnerability Details

2
GHSA
GHSA-pw2q-c8xj-w9fw: A vulnerability was determined in Tenda W6-S 12025-12-30
CVEList
Tenda W6-S R7websSsecurityHandler httpd stack-based overflow2025-12-30
CVE-2025-15255 (HIGH CVSS 8.9) | A vulnerability was determined in T | cvebase.io